ApiKey Authentication cleanup

pull/3113/head
Mark McDowall 11 years ago
parent 57fdbe6e08
commit de607e207b

@ -1,15 +1,12 @@
using Nancy;
using Nancy.Authentication.Basic;
using Nancy.Bootstrapper;
using NzbDrone.Api.Extensions;
using NzbDrone.Api.Extensions.Pipelines;
namespace NzbDrone.Api.Authentication
{
public interface IEnableBasicAuthInNancy
{
void Register(IPipelines pipelines);
}
public class EnableBasicAuthInNancy : IEnableBasicAuthInNancy
public class EnableBasicAuthInNancy : IRegisterNancyPipeline
{
private readonly IAuthenticationService _authenticationService;
@ -28,7 +25,7 @@ namespace NzbDrone.Api.Authentication
{
Response response = null;
if (!context.Request.Path.StartsWith("/api/") &&
if (!context.Request.IsApiRequest() &&
context.CurrentUser == null &&
_authenticationService.Enabled)
{

@ -1,17 +1,15 @@
using System.Linq;
using System;
using System.Linq;
using Nancy;
using Nancy.Bootstrapper;
using NzbDrone.Api.Extensions;
using NzbDrone.Api.Extensions.Pipelines;
using NzbDrone.Common.EnvironmentInfo;
using NzbDrone.Core.Configuration;
namespace NzbDrone.Api.Authentication
{
public interface IEnableStatelessAuthInNancy
{
void Register(IPipelines pipelines);
}
public class EnableStatelessAuthInNancy : IEnableStatelessAuthInNancy
public class EnableStatelessAuthInNancy : IRegisterNancyPipeline
{
private readonly IConfigFileProvider _configFileProvider;
@ -28,18 +26,16 @@ namespace NzbDrone.Api.Authentication
public Response ValidateApiKey(NancyContext context)
{
Response response = null;
var apiKey = context.Request.Headers["ApiKey"].FirstOrDefault();
if (!RuntimeInfo.IsProduction &&
(context.Request.UserHostAddress.Equals("localhost") ||
context.Request.UserHostAddress.Equals("127.0.0.1") ||
context.Request.UserHostAddress.Equals("::1")))
if (!RuntimeInfo.IsProduction && context.Request.IsLocalRequest())
{
return response;
}
var apiKey = context.Request.Headers.Authorization;
if (context.Request.Path.StartsWith("/api/") &&
(apiKey == null || !apiKey.Equals(_configFileProvider.ApiKey)))
if (context.Request.IsApiRequest() &&
(String.IsNullOrWhiteSpace(apiKey) || !apiKey.Equals(_configFileProvider.ApiKey)))
{
response = new Response { StatusCode = HttpStatusCode.Unauthorized };
}

@ -0,0 +1,28 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Nancy;
namespace NzbDrone.Api.Extensions
{
public static class RequestExtensions
{
public static bool IsApiRequest(this Request request)
{
return request.Path.StartsWith("/api/", StringComparison.InvariantCultureIgnoreCase);
}
public static bool IsSignalRRequest(this Request request)
{
return request.Path.StartsWith("/signalr/", StringComparison.InvariantCultureIgnoreCase);
}
public static bool IsLocalRequest(this Request request)
{
return (request.UserHostAddress.Equals("localhost") ||
request.UserHostAddress.Equals("127.0.0.1") ||
request.UserHostAddress.Equals("::1"));
}
}
}

@ -38,21 +38,7 @@ namespace NzbDrone.Api.Frontend.Mappers
public override Response GetResponse(string resourceUrl)
{
string content;
var response = base.GetResponse(resourceUrl);
var stream = new MemoryStream();
response.Contents.Invoke(stream);
stream.Position = 0;
using (var reader = new StreamReader(stream))
{
content = reader.ReadToEnd();
}
content = content.Replace("API_KEY", _configFileProvider.ApiKey);
response = new StreamResponse(() => StringToStream(content), response.ContentType);
response.Headers["X-UA-Compatible"] = "IE=edge";
return response;
@ -70,6 +56,7 @@ namespace NzbDrone.Api.Frontend.Mappers
text = text.Replace(".css", ".css?v=" + BuildInfo.Version);
text = text.Replace(".js", ".js?v=" + BuildInfo.Version);
text = text.Replace("API_KEY", _configFileProvider.ApiKey);
return text;
}

@ -30,8 +30,6 @@ namespace NzbDrone.Api
RegisterPipelines(pipelines);
container.Resolve<DatabaseTarget>().Register();
container.Resolve<IEnableBasicAuthInNancy>().Register(pipelines);
container.Resolve<IEnableStatelessAuthInNancy>().Register(pipelines);
container.Resolve<IEventAggregator>().PublishEvent(new ApplicationStartedEvent());
ApplicationPipelines.OnError.AddItemToEndOfPipeline(container.Resolve<NzbDroneErrorPipeline>().HandleException);

@ -21,11 +21,8 @@ define(function () {
delete xhr.data;
}
if (xhr) {
if (!xhr.headers) {
xhr.headers = {};
}
xhr.headers["ApiKey"] = window.NzbDrone.ApiKey;
xhr.headers = xhr.headers || {};
xhr.headers['Authorization'] = window.NzbDrone.ApiKey;
}
return original.apply(this, arguments);

@ -5,7 +5,7 @@ var statusText = $.ajax({
url : window.NzbDrone.ApiRoot + '/system/status',
async: false,
headers: {
ApiKey: window.NzbDrone.ApiKey
Authorization: window.NzbDrone.ApiKey
}
}).responseText;

@ -62,7 +62,7 @@
</body>
<script type="text/javascript">
window.NzbDrone = {};
window.NzbDrone = window.NzbDrone || {};
window.NzbDrone.ApiKey = 'API_KEY';
</script>

Loading…
Cancel
Save